Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://e-service.org/landingpages/214dde44-d83d-472c-808d-4304cf3e308c/-6z9gapf4ucnrxpig7x__bglxzqfdufqtbnrb6-gksm
Detected Brand
FedEx
Country
International
Confidence
95%
HTTP Status
200
Report ID
5dc6ee68-5d6…
Analyzed
2026-03-17 04:52
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18E32F2B8F04FB4D216A6EDBA7A49572972BB435BD31A2C253F3C196145E3C2097600BF |
|
CONTENT
ssdeep
|
96:TReE7FLruHpXvMoa6cDJPA5J6ABpBlTpTYBsKYDY8JIA45VdcYz8l0n9+WGyGjcA:NeE7TTQtaOkmoGiv9w8XOL |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed6d6d9292929293 |
|
VISUAL
aHash
|
c3c3c3ffffffffff |
|
VISUAL
dHash
|
1696962912480000 |
|
VISUAL
wHash
|
c3c3c3dfff4e0000 |
|
VISUAL
colorHash
|
07000600010 |
|
VISUAL
cropResistant
|
1696962912480000,202c20a026080020 |
Code Analysis
Risk Score
50/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🔬 Threat Analysis Report
• Threat: Phishing
• Target: FedEx customers
• Method: Impersonation of login page.
• Exfil: Form data sent to a suspicious location.
• Indicators: Mismatched domain, JavaScript form submission, unusual form path.
• Risk: HIGH
🔐 Credential Harvesting Forms
📤 Form Action Targets
- /landingpages/ac5c9c07-fe9d-4dc8-9780-8ff30d1206d7/-6z9gapf4ucnrxpig7x__bglxzqfdufqtbnrb6-gksm
📊 Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain mismatch
The domain 'e-service.org' is unrelated to FedEx.
JavaScript form submission
Javascript submission adds risk of malicious payload
Suspicious Form Action Destination
The form action points to an unusual path for a FedEx login.
🔬 Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
FedEx users (International)
Attack Method
Brand impersonation + credential harvesting forms
Exfiltration Channel
HTTP POST to backend
Risk Assessment
MEDIUM - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester
🏢 Brand Impersonation Analysis
Impersonated Brand
FedEx
Official Website
fedex.com
Fake Service
FedEx login
⚔️ Attack Methodology
Primary Method: Credential Harvesting
The attacker aims to steal user credentials by presenting a fake login page that mimics the appearance of FedEx's login portal. The form data is likely sent to a server controlled by the attacker.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
e-service.org
Registered
2018-07-24
Registrar
NameCheap
Status
active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
FedEx
http://onlineservicetec.com/landingpages/214dde44-d83d-472c-...
Jun 02, 2026
FedEx
https://www.onlineservicetec.com/landingpages/214dde44-d83d-...
Jan 05, 2026
FedEx
https://www.onlineservicetec.com/landingpages/214dde44-d83d-...
Jan 05, 2026
FedEx
https://www.onlineservicetec.com/landingpages/214dde44-d83d-...
Jan 05, 2026
FedEx
https://www.internetservicetech.com/landingpages/214dde44-d8...
Jan 05, 2026
Scan History for e-service.org
Found 10 other scans for this domain
-
https://www.e-service.org/landingpages/dd263864-38...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpages/214dde44-d8...
https://www.e-service.org/landingpage/dd263864-38a...
https://www.e-service.org/landingpage/dd263864-38a...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.